Tracking Row-Level Changes in the Database

Imperva has added new technology into its SecureSphere product to track value changes in the database that violate compliance policies.

Imperva has built a new capability into its database monitoring product allowing users to track changes to sensitive values at the row level.
The technology, which the company calls Track Value Changes, is part of its SecureSphere Database Security Gateways software. Meant to track even the smallest changes to database values, company officials are touting the product as an answer to the so-called insider threat and the security needs of businesses looking to comply with regulations such as the Sarbanes-Oxley Act.

Unauthorized changes to databases can lead to long and complex forensic investigations to uncover what data changed and restore the original values, company officials said.

With Track Value Changes, SecureSphere monitors and audits the values of a specific record or a subset of table rows and allows organizations to set controls that generate alerts when changes to the data values violate pre-established policies or thresholds. For example, SecureSphere can recognize potentially fraudulent activity such as unusually large changes in credit card limits, excessive discounts in sales invoices or dramatic decreases in product inventory levels, officials said.
Imperva competes with a number of other companies in the enterprise database auditing space, including Application Security, Guardian, Lumigent Technologies and Tizor Systems.
Unlike trigger-based approaches, SecureSphere uses redo logs to monitor changes and identify the users who executed them.
"Database triggers require maintenance as they are not a one-time operation," said Mark Kraynak, the senior director of strategic marketing at Imperva. "SecureSphere's approach to tracking value changes is more automated for ongoing, effective performance without manual intervention. Finally, using database triggers to track value changes is like allowing the fox to guard the hen house, since database administrators control the mechanisms to create and modify triggers. SecureSphere's approach maintains separation of duties."
Also, unlike trigger-based approaches that require intrusive modifications to the database, SecureSphere's approach does not require changes to the database, he added. To track value changes, users can go to the policy management interface in SecureSphere and use the drop down menu to set acceptable policies, thresholds and ranges for changes to the database.
"SecureSphere has predefined templates users can use to deal with a variety of operations, including insert, delete, and change operations, to make tracking value changes and alerting on changes that violate policies easy and effective," Kraynak said.